If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

this is going to far IMO, soon Fedora will have most of its packages in the non-free RPMFusion Repo, but my question, why wasnt this done years ago when the project got started, why now? i find that a bit odd to say the least.

people may just Jump ship an go over to another Distro like OpenSuse or any other RPM based Distro to avoid the politics

ALL US based distros technically are under these requirements, its simply US law. Suse isn't excluded there

ALL US based distros technically are under these requirements, its simply US law. Suse isn't excluded there

According to wikipedia.de while they where connected to Novell (US) in the past now the SUSE Linux GmbH is located in Germany (GmbH is even a german sentence: "Gesellschaft mit beschränkter Haftung"). So you're wrong: They are excluded there.

1. All governments sometimes enforce export restrictions, so this concern would not just be limited to the US

2. The Wassenaar Arrangement, the big international, intergovernmental agreement on export restrictions, has specific exceptions for free and open source software. Wassenaar even exempts cryptography from control if it is open source and is in the domain of information security.

So, realistically, Fedora can accept contributions from developers from any country, as long as the project is open source. However, the implementation of these restrictions can change at any time, so all projects would be wise to audit submissions from certain countries, AND have a strategy in place for quickly replacing those contributions in the event of a new crackdown.

According to wikipedia.de while they where connected to Novell (US) in the past now the SUSE Linux GmbH is located in Germany (GmbH is even a german sentence: "Gesellschaft mit beschränkter Haftung"). So you're wrong: They are excluded there.

Didn't know they had fully changed hands, though Germany probably their own restrictions in place too

Under the Wassenaar Agreement it appears we get a structural advantage over states

Originally Posted by andyprough

1. All governments sometimes enforce export restrictions, so this concern would not just be limited to the US

2. The Wassenaar Arrangement, the big international, intergovernmental agreement on export restrictions, has specific exceptions for free and open source software. Wassenaar even exempts cryptography from control if it is open source and is in the domain of information security.

So, realistically, Fedora can accept contributions from developers from any country, as long as the project is open source. However, the implementation of these restrictions can change at any time, so all projects would be wise to audit submissions from certain countries, AND have a strategy in place for quickly replacing those contributions in the event of a new crackdown.

This is interesting: If you have to open-source your software to get out of export controls, this means open-source tools for privacy and security like Tor can cross International borders far more easily than state-level malware like FinFisher written by private contractors. FinFisher is Windows malware that has been used in places like Tunesia to spy on civil society activists and general dissidents. If the authors of FinFisher and similar malware had to release their source code to the public to get out of the country of development, countermeasure would be deployed within hours as the names of all installed files would be known, and the command and control servers could be taken down by the host governments or just by cyber counterattacks.

The ugly exception is cryptography, but that cat is so long out of the bag as to be unstoppable. Open-source cryptography is "export once, available forever," and I don't think anybody but maybe PRISM-compliant commerical software uses those 56 bit keys anymore. I suppose a US website could be set to use short keys when getting an HTTPS connection from over the border, but people don't have to use that website (or trust https when gpg is available!) and I can't imagine anyone or any non-US distro letting foreign laws to which they are not subject control what cryptography they install in their browsers.

I will freely admit to this personal goal: to see 100% of all communications "go dark" to law enforcement, globally protected with impenetrable encryption and obfuscation of both source and destination. I would so love to see the faces at Ft Meade when every phone on the planet is encrypted with ciphers they can't break, and the metadata just as hard to get at. When you do what I do in meatspace (social activism), you quickly come to consider things like the Dept of Homeland Insecurity to be the enemy.

I am getting a little sick of people complaining about the fact that Fedora is actually abiding by the laws of the country in which they operate from. Whether or not you agree with the laws regarding software patents or export restrictions in in the United States is immaterial; they need to be followed in order to ensure that both Fedora and Red Hat can continue to operate in the future.

Of course it would be nice if all of these admittedly stupid laws would be taken off the books, but I am not going to blame Fedora or anyone else for being forced into abiding by them.

Those are terrorist country according to wikipedia... help them if you are stupid. bye

Help 'them'? We're talking about accepting contributions from any random individual in those countries, not from their damn government or something. Just because someone was born in a place with bad government doesn't mean that they're bad people...

This is interesting: If you have to open-source your software to get out of export controls, this means open-source tools for privacy and security like Tor can cross International borders far more easily than state-level malware like FinFisher written by private contractors. FinFisher is Windows malware that has been used in places like Tunesia to spy on civil society activists and general dissidents. If the authors of FinFisher and similar malware had to release their source code to the public to get out of the country of development, countermeasure would be deployed within hours as the names of all installed files would be known, and the command and control servers could be taken down by the host governments or just by cyber counterattacks.

Yes, privately contracted, proprietary software would most likely fall under the export restrictions. But, off-the-shelf, commodity software that is commonly available also has an exception under the Wassenaar Arrangement. One reason that I think distros like openSUSE and Fedora should start putting boxed versions of their distros on the shelves of every computer store again, like their parents SUSE and Red Hat did in the late 90's and early 00's. Give the consumer a DVD and a printed manual and 90-days of phone support for $30, and you have another cheap exception (along with your open source licensing) to the export restrictions in most countries.